RE: [Ntop] Kazaa, WinMX

[Burton M. Strauss III]

Read the back traffic on the list and docs/FAQ - it's possible - for traffic that happens to use those ports to be classified as such.   If you're seeing real user names in the p2p names (Info about host xxx page), then, well, you DO have users running those protocols.   Try capturing some traffic with a sniffer - tcpdump or ethereal - and run an eye over it.  Something like this (WinMX)   tcpdump -Xx -s 256 -c 25 "port 6699 or 7730"     -----Burton     -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Ben Swaby Sent: Friday, March 14, 2003 2:26 PM To: [EMAIL PROTECTED] Subject: [Ntop] Kazaa, WinMX NTOP is reporting that Kazaa, WinMX, and eDonkey is running on some of my servers and client computers.  I know for a fact that none of that have been installed on the servers and I have checked the client computers and don’t see any sign of it there.  I don’t know what else to check for.   Please Help Ben